Bug 1528218 (CVE-2017-17790) - CVE-2017-17790 ruby: Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution
Summary: CVE-2017-17790 ruby: Command injection in lib/resolv.rb:lazy_initialize() all...
Status: CLOSED ERRATA
Alias: CVE-2017-17790
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
(Show other bugs)
Version: unspecified
Hardware: All Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=low,public=20171219,reported=2...
Keywords: Security
Depends On: 1528226 1528227 1534437 1534438 1534936 1534937 1534938 1534939 1534940 1534941
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-12-21 10:30 UTC by Adam Mariš
Modified: 2018-03-26 10:25 UTC (History)
31 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
The "lazy_initialize" function in lib/resolv.rb did not properly process certain filenames. A remote attacker could possibly exploit this flaw to inject and execute arbitrary commands.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-12-21 13:41:18 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:0378 normal SHIPPED_LIVE Important: ruby security update 2018-03-01 01:06:17 UTC
Red Hat Product Errata RHSA-2018:0583 None None None 2018-03-26 09:47 UTC
Red Hat Product Errata RHSA-2018:0584 None None None 2018-03-26 10:01 UTC
Red Hat Product Errata RHSA-2018:0585 None None None 2018-03-26 10:25 UTC

Description Adam Mariš 2017-12-21 10:30:26 UTC
The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.

Upstream bug:

https://github.com/ruby/ruby/pull/1777

Upstream patch:

https://github.com/ruby/ruby/commit/e7464561b5151501beb356fc750d5dd1a88014f7

Comment 1 Adam Mariš 2017-12-21 10:40:08 UTC
Created ruby tracking bugs for this issue:

Affects: fedora-all [bug 1528226]


Created ruby193-ruby tracking bugs for this issue:

Affects: openshift-1 [bug 1528227]

Comment 2 Adam Mariš 2017-12-21 13:41:18 UTC
Statement:

This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Comment 4 errata-xmlrpc 2018-02-28 20:03:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0378

Comment 8 errata-xmlrpc 2018-03-26 09:47:22 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS

Via RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0583

Comment 9 errata-xmlrpc 2018-03-26 10:01:00 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS

Via RHSA-2018:0584 https://access.redhat.com/errata/RHSA-2018:0584

Comment 10 errata-xmlrpc 2018-03-26 10:25:23 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS

Via RHSA-2018:0585 https://access.redhat.com/errata/RHSA-2018:0585


Note You need to log in before you can comment on or make changes to this bug.